Go to streams , create new stream , it will ask user to get access , hive your concern user access to the stream with read and publish , as these two are basic for self services . Then go to aaps , create duplicate of your concerned app , then publish this duplicate app to your newly created stream . That's it . Security rule you need to create only if u are trying to restrict the object or apps from someone , as like , your stream has five user accessed and you want only one user can see any particular app. Hope I answered your question, if not please tell me